Enthusiast

ASA SSL VPN Anyconnect Cert Validation

A CA cert seems to be tied to my SSL VPN configuration, so that when a user connects it checks for this cert on their machine. How can I remove this validation, since we are moving to MFA with DUO? I have machines that do not have certs, and they fail because the ASA is looking for certs.

 

 

Hall of Fame Guru

Re: ASA SSL VPN Anyconnect Cert Validation

Check the Authentication method for your AnyConnect connection profile (known as tunnel-group in the CLI configuration).

 

If you're using ASDM it's under Configuration > Remote Access VPN > AnyConnect Connection Profile > Edit.

 

A much less common possibility is a DAP check. See if there's a dap.xml file on the ASA. That would be under the Host Scan section of the Secure Desktop Manager section of the Remote Access VPN configuration.

 

Enthusiast

Re: ASA SSL VPN Anyconnect Cert Validation

The AAA method is "AAA and Certificate", so can I just move that to AAA only and it will stop looking for a cert?
Hall of Fame Guru

Re: ASA SSL VPN Anyconnect Cert Validation

Yes, that will generally do it.
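
An added example, not part of the thread and not Cisco tooling: a Python check that reads saved `show running-config tunnel-group` output and lists which connection profiles still have certificate authentication set, so the change can be confirmed per profile. The profile names and the sample config are constructed, and treating a profile with no explicit `authentication` line as AAA only is an assumption.

```python
import re

# Constructed sample of `show running-config tunnel-group` output (not from the thread).
SAMPLE_CONFIG = """\
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group DUO-LDAP
tunnel-group VPN-USERS webvpn-attributes
 authentication aaa certificate
 group-alias Users enable
tunnel-group VPN-ADMINS type remote-access
tunnel-group VPN-ADMINS webvpn-attributes
 group-alias Admins enable
tunnel-group VPN-KIOSK type remote-access
tunnel-group VPN-KIOSK webvpn-attributes
 authentication certificate
"""

HEADER = re.compile(r"^tunnel-group (\S+) webvpn-attributes\s*$")


def webvpn_auth_methods(config):
    """Map each tunnel-group that has a webvpn-attributes block to its auth keywords."""
    methods, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # An unindented line opens a new config block; track only webvpn-attributes.
            match = HEADER.match(line)
            current = match.group(1) if match else None
            if current:
                # Assumption: no explicit line means the default, AAA only.
                methods[current] = ["aaa"]
        elif current and line.split()[:1] == ["authentication"]:
            methods[current] = line.split()[1:]
    return methods


def profiles_requiring_cert(config):
    """Names of connection profiles whose method includes a certificate keyword."""
    return sorted(name for name, keywords in webvpn_auth_methods(config).items()
                  if any("certificate" in k for k in keywords))


if __name__ == "__main__":
    for name, keywords in webvpn_auth_methods(SAMPLE_CONFIG).items():
        cert = any("certificate" in k for k in keywords)
        note = "requires client cert" if cert else "no cert check"
        print(f"{name}: authentication {' '.join(keywords)} -> {note}")
```

This covers only the connection profile setting; the DAP check mentioned in the first reply is configured separately and is not inspected here.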